Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = '' $SiteCode = 'PS1' # Test the connection to server     Test-Connection         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature         -Name Web-ISAPI-Ext,Web-Windows-Auth,Web-Metabase,Web-WMI,RDC         [...]

December 2nd: Part 2: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

It's December 2nd and Christmas is just around the corner! Yesterday Jakob kicked off the Coretech December Calendar with a great post about "Triggering a webhook from a SharePoint workflow using Out-of-the-box Activities" (Check out his blog post here:  That was the  first, this is the second post in the Coretech blog series that will continue until December 24th - Christmas Eve! :) In Part 1 ( I explained how you can utilize ConfigMgr Compliance Baselines for uninstalling software like Java, Adobe etc. with the help of PowerShell and WMI. Well in Part 1 we used the Win32_Product class which is not recommended [...]

Part 1: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

Compliance Items and Compliance Baselines in ConfigMgr is so powerful! And with some PowerShell magic you can almost use it to do anything you like on a Windows based computer – Only your imagination that will be the showstopper! Here I will show how you can uninstall software using WMI and Compliance Items in SCCM. However, it is important that you read the following articles as the uninstallation process uses win32_product WMI class which is known for its evilness. Thanks to Kaido, Jürg and Torsten for pointing this one out. A updated post as been created using a better and more [...]

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. How-ever this time I got this error when trying to 'Automatically create and install certificate'  during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate Now this [...]

By | 2015-10-20T20:14:46+00:00 October 20th, 2015|Configuration Manager (SCCM), Security|1 Comment

How to: Create custom SQL- based Reports in System Center 2012 R2: Configuration Manager

A customer asked me  for a “how-to” on how to Create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but show you have to create  a report based on a SQL query you might already have. Even-though we are skipping how to write SQL Queries for know, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running You need to have [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released to SCCM 2012 R2 I have been upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM make sure you point the Data source to the location of the Client installations files, Script, KB3084586-msp and kb3074857-msp. Installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

Slides and links from my Site Review session @NIC 2015

  Autmating the WSUS Cleanup process - SQL PowerShell audit script Splitting existing ConfigMgr database into multiple SQL files Pre-creating the database before installing Configmgr – download script Multiple software upate points and shared db – Slide deck SQL Script to for fragmentation on the SQL DB Checking the database fragmentation: Use CM_PS1 Go SELECT DB_NAME(database_id) AS [Database Name], OBJECT_NAME(ps.OBJECT_ID) AS [Object Name], AS [Index Name], ps.index_id, index_type_desc,     avg_fragmentation_in_percent, fragment_count, page_count FROM sys.dm_db_index_physical_stats(DB_ID(),NULL, NULL, NULL ,N’LIMITED’) AS ps     INNER JOIN sys.indexes AS i WITH (NOLOCK)     ON ps.[object_id] = i.[object_id] AND ps.index_id [...]

By | 2015-02-14T14:51:53+00:00 February 14th, 2015|Configuration Manager (SCCM), General info|2 Comments

Deploying WPA-2 personal WIFI profiles using ConfigMgr & Intune

For hybrid environments (that being ConfigMgr integrated with Microsoft Intune), it’s not possible to deploy a WIFI profile using a pre-shared secret in the UI. This will however not prevent you from creating and deploying WPA-2 Personal security WIFI profiles in the console. You will just be deploying the WIFI profile without the WIFI password.  Windows Phone 8.1 will re-apply the same profile over and over again When users receive the WIFI profile all they have to do is add the password and they will have WIFI connection. This works great for Android and iOS, but not for Windows Phone [...]

By | 2015-01-28T14:28:20+00:00 January 28th, 2015|Configuration Manager (SCCM)|4 Comments

Intune Extensions will not install

It’s a common issue, but still worth mentioning. Being a Full Administrator is NOT the same as having full control of all features in the ConfigMgr console. An example is enabling new Intune Extensions like the one released in late December. As usual you are prompted when new Extensions are available. In this example I’m logged in as Full Administrator and trying to enable the extension in the Administration workspace. All looks good, right until the point where I accept the License Terms, And boom! I do not have the required permissions even though I’m a Full Administrator! Rule #7 [...]

By | 2015-01-02T10:36:21+00:00 January 2nd, 2015|Configuration Manager (SCCM)|0 Comments

Managing WIFI certificates for iOS devices with ConfigMgr MDM

This will be the last Christmas blog post from Coretech in 2014. A huge thanks to all of you who followed our Christmas blogs in December. @Coretech we wish you and your loved ones a Merry Christmas and a Happy New Year – We look forward to service you again in 2015 with knowledge, inspiration and best practices on Microsoft technologies One of the many need features offered by ConfigMgr & Intune is the ability to deploy certificates and WIFI profiles. Both are essential when implementing a MDM/BYOD strategy. Creating the required SCEP certificate for iOS As mentioned in a [...]

By | 2014-12-23T14:09:31+00:00 December 23rd, 2014|Configuration Manager (SCCM), General info|3 Comments

Why System Center Updates Publisher aka SCUP is still a great tool

Welcome to the Coretech x-mas blog Calendar where we will give you a little insiders tip every single day in December.   Even if I don’t deploy 3rd party updates with SCUP 2011 I still use the tool for two purposes. I always upgrade my ConfigMgr clients and consoles to the latest CU using the built-in cab files. This allow me to use my existing software updates collections and I don’t have to worry about specific platforms since the detection rules in SCUP will take care of that. You can find the cab files on the site server in %Program [...]

By | 2014-12-01T08:56:43+00:00 December 1st, 2014|Configuration Manager (SCCM), General info|1 Comment

Upgrading ConfigMgr 2012 R2 Primary site server from Windows Server 2012 to Windows Server 2012 R2

Maybe my most boring blog post ever, but just finished upgrading the primary site server from Windows Server 2012 to Windows Server 2012 R2. After the upgrade I performed a ConfigMgr Site reset (not required, but just in case). Testing out the different features and all but one looked to be doing just fine. The only feature that didn’t work was the Software Update feature. A quick look in the wsyncmgr.log file revealed that the server wouldn’t synchronize between the primary site server and the WSUS server. Sometimes the solution is just too easy and almost not even worth blogging [...]

By | 2014-11-29T20:50:33+00:00 November 29th, 2014|Configuration Manager (SCCM), General info|2 Comments

Using Server V.Next as a ConfigMgr 2012 R2 CU3 site system role

Does it work? Sure it does, is it supported? – No way In my test I deployed the new Windows Server Technical Preview 9841, installed the distribution point, management point and software update point requirements. Here you see the distmgr.log file distributing content to my distribution point – notice the server version number. Windows 10 client downloading from the Server vNext distribution point Management Point works like a charm Application Catalog point running from a Windows 10 client Software update point configured as the second SUP works. The SUP is installed using the same shared database as my Windows [...]

By | 2014-10-02T12:07:20+00:00 October 2nd, 2014|Configuration Manager (SCCM)|0 Comments

Windows 10 as ConfigMgr 2012 R2 client

No, the client is not supported and yes it works with most of the features. In my case I used Jason Sandy’s startup script to get my client installed. Here is a few screenshots of what I have tested so far: Client is installed and assigned The Application Catalog feature works Application and package deployment works like a charm Compliance Settings tested and working Inventory works Software Update scanning works OS deployment works – just check the blog post from Johan Arwidmark -

By | 2014-10-02T11:45:29+00:00 October 2nd, 2014|Configuration Manager (SCCM)|1 Comment

Scripts and links from the ConfigMgr 2012 Site Review session @IT/Dev connections

A big thanks to all who showed up at our session, Steve and I had a fantastic time and could easily have gone on for 75 more minutes Below are the links to the scripts and blog post we referenced during the session. Hope to see you all again next year! Optimizing ConfigMgr database:   Background on maintenance task:   Configuring SQL Backup and recovery, includes link to demo:   Autmating the WSUS Cleanup process SQL PowerShell audit script

By | 2014-09-18T11:58:08+00:00 September 18th, 2014|Configuration Manager (SCCM), General info|1 Comment

Links from the ConfigMgr 2012 R2 precon @IT/Dev Connections

Thanks for a great day @Aria in Las Vegas. As promised here are the links we (@Jarwidmark and @Agerlund) mentioned during our preconference: Pre-creating the database using this script SQL backup and restore Software Update Report dashboard rdl file Software Update step-by-step: PowerShell Script to set permissions in Active Directory for OSD Hydration for System Center 2012 R2 Script for Deploying a reference image (VM) fully unattended Link to Jason Sandy's startup script for ConfigMgr Client: Video - Compliance Settings and Control End–User Installed Software Coretech Configuration Manager shutdown utility How to [...]

By | 2014-09-17T14:41:21+00:00 September 17th, 2014|Configuration Manager (SCCM)|1 Comment

Managing 3rd. party Software Updates with System Center 2012 ConfigMgr & Secunia CSI Part II

In Part I focused on installing and configuring Secunia CSI 7 and System Center 2012 R2 ConfigMgr. In this part I will explain how you can deploy software updates. I do anticipate that you already have a working Software Update Management infrastructure managed by System Center 2012 R2 ConfigMgr. Deploying 3rd party software updates The process of deploying 3rd party software updates can be initiated from the CSI web portal or using the System Center 2012 R2 ConfigMgr plugin. In my world updates are divided into two categories: Applications managed and supported by the organization. In this category I often [...]

By | 2014-08-27T11:51:02+00:00 August 27th, 2014|Configuration Manager (SCCM), General info|1 Comment

Troubleshooting Workgroup Clients with PKI not talking with MP

I had a ConfigMgr 2012 R2 case going on for a while with Workgroup clients in a DMZ zone that wouldn’t communicate with the Management Point. A PKI infrastructure was in place and running, and the ConfigMgr Client was installing fine on these workgroup clients – but when the time came for the client to start talking with the Management Point i had numerous errors in LocationService.log and ClientIDManagerStartup.log and in a couple of other logs. Errors in the LocationServices.log >> Failed to send request to /ccm_system_AltAuth/request at host MPServerFQDN, error 0x2f8f >> Error sending HEAD request. HTTP code 600, [...]

By | 2014-08-21T14:32:47+00:00 August 21st, 2014|Configuration Manager (SCCM)|1 Comment

Managing 3rd. party Software Updates with System Center 2012 ConfigMgr & Secunia CSI Part I

Question if often get when visiting customers;”Is there really a need for managing our 3rd. party applications when we already patch Adobe Reader and JAVA”? The short answer is Yes, and the longer answer is please look at the numbers. The absolute number of vulnerabilities detected in 2013 was 13,073, discovered in 2,289 products from 539 vendors. The number shows a 45% increase in vulnerabilities in the five year trend, and a 32% increase from 2012 to 2013. Knowing these numbers I get the feeling that only patching Adobe Reader and JAVA is not enough to keep my environment secure. [...]

By | 2014-08-21T12:30:07+00:00 August 21st, 2014|Configuration Manager (SCCM), General info|0 Comments

Collections not being refreshed in ConfigMgr 2012 R2

Case, old collections do not refresh when adding or removing objects to the collection. New collections are updated, it just takes a long time. Looking in the colleval.log file there was a lot of errors like this: *** exec dbo.sp_TransferMembership 'PS100014', 0    SMS_COLLECTION_EVALUATOR    02-06-2014 23:14:36    7392 (0x1CE0) *** [23000][547][Microsoft][SQL Server Native Client 11.0][SQL Server]The INSERT statement conflicted with the CHECK constraint "ClientOfferStatus_ItemKey_Partition_CK". The conflict occurred in database "CM_PS1", table "dbo.ClientOfferStatus", column 'ItemKey'. : CollectionMembers_ins_upd_del    SMS_COLLECTION_EVALUATOR    02-06-2014 23:14:36    7392 (0x1CE0) CCollectionSource_SQL::RefreshResults - could not execute SQL cmd exec dbo.sp_TransferMembership 'PS100014', 0    SMS_COLLECTION_EVALUATOR    02-06-2014 23:14:36    7392 (0x1CE0) STATMSG: ID=601 SEV=E LEV=M SOURCE="SMS [...]

By | 2014-06-03T12:26:49+00:00 June 3rd, 2014|Configuration Manager (SCCM)|7 Comments

Links and notes from the MVP Expert Session @TechED 2014 Houston

One word – Awesome! Attending the MVP Expert session along with 1000 attendees as speaker was nothing short of an awesome experience. For those of you who couldn’t attend session, you can catch the recording here: The scripts I used The collection/Excel tool

By | 2014-05-13T16:10:07+00:00 May 13th, 2014|Configuration Manager (SCCM), Events|10 Comments

Links and notes from the “ConfigMgr in the Real World” precon @ TechEd NA 2014

First a huge thanks to the 341 attendees showing up at the precon, you all contributed to making this a day to remember for both Johan and I. By now we should have answered all questions that was posted to #TEPRC10 on Tweeter. Precon links from Johans blog: Pre-creating the database using this script Checking the database fragmentation: Use CM_PS1 Go SELECT DB_NAME(database_id) AS [Database Name], OBJECT_NAME(ps.OBJECT_ID) AS [Object Name], AS [Index Name], ps.index_id, index_type_desc,     avg_fragmentation_in_percent, fragment_count, page_count FROM sys.dm_db_index_physical_stats(DB_ID(),NULL, NULL, NULL ,N'LIMITED') AS ps     INNER JOIN sys.indexes AS i WITH (NOLOCK)     ON ps.[object_id] [...]

By | 2014-05-13T15:36:49+00:00 May 13th, 2014|Configuration Manager (SCCM), Events|3 Comments

Dealing with Jailbroken/Roted devices in ConfigMgr 2012 R2 & Intune

As you enroll a mobile device into Intune/ConfigMgr 2012 R2, inventory data will automatically be uploaded to the ConfigMgr database. One of the data being collected is the Jailbroken/rooted condition. In the below example the device is being detected as a jailbroken device. One of the many benefits of using Intune as the MDM solution is the integration with System Center 2012 R2 Configuration Manager. Once data is in the database we can use the entire ConfigMgr engine to manage the device. MDM devices in ConfigMgr can be managed using the Application Model and the Compliance Management feature. Especially the [...]

By | 2014-04-10T10:18:04+00:00 April 10th, 2014|Configuration Manager (SCCM), General info|0 Comments